Expert Insight

Cybersecurity Goes Mainstream:

How Cyberattacks Became Business as Usual in 2018

In the past, cyberattacks were attention-grabbing anomalies that appeared to hit the unlucky few. But in 2018 they have become a normal part of modern business, as Glyn Roberts, managing director of Global Knowledge, explains

Cyberattacks used to hit the news as frightening anomalies to the norm. Unfortunately, 2018 was the year that cyberattacks became business as usual.

Almost 1 billion records were leaked in the month of September 2018, according to IT Governance, with a diverse group of organisations affected ranging from Npower, Blue Cross and the United Nations to Park by Phone.

The impact operationally and reputationally is being felt by these organisations and many others.

Government wakes up to cyberattacks

2018 was also the year that the UK government issued a code of practice, focusing on IoT security.

The Internet of Things has gone unsecured for too long according to the Department for Digital, Culture, Media and Sport (DCMS), and the National Cyber Security Centre (NCSC). And, as more connected devices are being used to control everything from door locks and children’s toys to medical products, the risk of cyberattack has become very personal.

The code of practice recommends 13 guidelines for manufacturers, service providers, developers and retailers that include password protection, vulnerability disclosure, software integrity, monitoring and data validation.

“The business community and government is recognising that cybersecurity is no longer just activity carried out by an isolated hacker working maliciously out of their bedroom for thrills.”

It seems that the business community and government is recognising that cybersecurity is no longer just activity carried out by an isolated hacker working maliciously out of their bedroom for thrills.

Organised criminals have spotted the potential rewards and, as well as targeting cybercurrency in the modern-day equivalent of a bank heist, they are now hacking for data in order to sell it or threaten to share it, blackmailing an organisation for financial gain.

The organised hackers have their eyes set on big targets, beyond the quick win access to a bank account some are looking to impact the international political landscape.

Global demand for cybersecurity experts

There is a worldwide demand for skilled professionals who can work within white hat or red hat teams. New job descriptions are being drafted to source individuals with skills that draw from law enforcement and intelligence to technology coding and analytics.

According to the latest global information security workforce study from ISC, there could be up to 1.8 million information security-related roles unfilled worldwide by 2022. In Europe, the shortfall is projected to be about 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.

“The risks that companies and smaller organisations are exposed to, they've changed dramatically in the past 10 years. It's not that anybody I think really wanted to do this: they had to.”

It’s not been easy for companies to get the skilled help they need. Global Knowledge’s 11th annual IT Skills and Salary Report revealed that 70% of IT decision-makers around the world are facing a shortage of necessary skills, with cybersecurity and cloud computing jobs in the highest demand and paying a premium.

Skills shortages put pressure on employees, making it difficult to meet quality objectives and causing delays in developing new products and services.

The UK’s apprenticeship programme, which the government promotes as a way to improve employability and fill skills gaps, hasn’t been slow to adapt and reflect the need for this new type of IT professional.

In December, Global Knowledge Apprenticeships and Qufaro will be launching the Level 4 Cybersecurity Apprenticeship at Bletchley Park which will be the base for delivering new qualifications in cybersecurity.

2019: the year cybersecurity becomes the most sought-after job

Cyberattacks and data breaches will continue to increase in both frequency and intensity throughout 2019 and most organisations do not feel confident in their ability to prevent them.

As more and more data are being stored across the organisation and in the cloud, it’s getting harder to ensure security.

Many believe that users are the chink in the armour, either through their lack of awareness or through malicious activity.

The need for cybersecurity expertise has grown beyond what could have been predicted. 2019 will be the year that the cybersecurity professionals become the most sort-after employees in the world.

PR nightmares: Ten of the worst corporate data breaches

LinkedIn, 2012

Hackers sold name and password info for more than 117 million accounts

Target, 2013

The personal and financial information of 110 million customers was exposed

JP Morgan, 2014

One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m

Home Depot, 2014

Hackers stole email and credit card data from more than 50 million customers

Sony, 2014

Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un

Hilton Hotels, 2015

Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data

TalkTalk, 2015

The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen

Tesco, 2016

Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts

Swift, 2016

Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve

Chipotle, 2017

Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang

LinkedIn, 2012

Hackers sold name and password info for more than 117 million accounts

Target, 2013

The personal and financial information of 110 million customers was exposed

JP Morgan, 2014

One JP Morgan Chase’s servers was compromised, resulting in fraud schemes yielding up to $100m

Home Depot, 2014

Hackers stole email and credit card data from more than 50 million customers

Sony, 2014

Emails and sensitive documents were leaked, thought to be by North Korea im retaliation for Sony’s production of a film mocking the country’s leader Kim Jong Un

Hilton Hotels, 2015

Dozens of Hilton and Starwood hotels had their payment systems compromised and hackers managed to steal customer credit card data

TalkTalk, 2015

The personal data of 156,959 customers, including names, addresses, dates of birth and phone numbers, were stolen

Tesco, 2016

Hackers made off with around $3.2m from more than 9,000 Tesco Bank accounts

Swift, 2016

Weaknesses in the Swift payment system resulted in $81m being stolen from the Bangladesh Central Bank’s account at the New York Federal Reserve

Chipotle, 2017

Phishing was used to steal the credit card information of millions of Chipotle customers, thought to be part of a wider restaurant customer scam orchestrated by an Eastern European criminal gang